How stupid do they think I am?!

[cellio]

From a bogus "support" address:

Dear user, the management of Uj.edu mailing system wants to let you know
that,

Some of our clients complained about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions.

For more information see the attached file.

Have a good day,
The Uj.edu team http://www.uj.edu

Comments

[zare-k.livejournal.com]

Oh, interesting. I got a variant of this as well. It was very nice about providing detailed instructions on how to manipulate the enclosed zip file. I think it's cute that they're sending such old-school spam.

[cellio]

Yup! Sometimes the low-tech approach is easiest. :-)

These particular virus-propegators are incompetent, though; there was no attached file to look at from the safety of a Unix machine.

[geekosaur]

It's one of the newer variants of the "Beagle" virus. Feh.

[cellio]

Oh, I'm sure it's a virus (or would have been if they'd remembered to attach the file). I'm mildly amused by the "here, this will fix your virus" ploy (when I don't have a virus and didn't send them mail). I guess there are still enough people out there who'll fall for this that it's worth it to them to send such mail. Shrug.

[geekosaur]

There are enough people that will fall for it that it's posing a serious problem for network administrators. :(

[ralphmelton.livejournal.com]

I got one myself:

Dear user, the management of Cmu.edu mailing system wants to let you know that,

Your e-mail account has been temporary disabled because of unauthorized access.

For details see the attached file.

For security purposes the attached file is password protected. Password is "08861".

Best wishes,
The Cmu.edu team http://www.cmu.edu

I've heard that the password protection on the payload is challenging automated virus detection, because it's hard for the automated system to inspect the payload.

[cellio]

I got one of those "your account has been disabled" ones recently too (from some place where I've never had an account). Mine had the password-protection thing too; I didn't realize it was real. I thought it was just fluff to make the message seem more authentic to the careless. If it's really password-protected and that screws up virus detection, that's clever. Annoying, but clever. :-)

[ralphmelton.livejournal.com]

I'm just making claims on the basis of one remark whose source I can't even remember. I haven't tried opening the zip file, because, y'know, I'm not that curious.

[cellio]

Someone I know was going to pop it open under Linux and look around out of curiosity, but I haven't yet heard what he found. I'm not that curious either.

[arib.livejournal.com]

I got the same message yesterday. Clever, if it'd actually work.

[geekosaur]

It's working well enough that it's spreading :(

[tashabear.livejournal.com]

Holy crap, I just got one on a Yahoo!groups mailing list. Thank goodness it strips attachments, or there'd be a lot of propagatin' going on.

[ichur72.livejournal.com]

For a while AOL was absolutely overrun with messages such as these -- most of them purporting to be from customer service but really designed to extract credit card info. One thing that struck me about these messages was that they were almost always packed with with misspellings and bad grammar. Is there some rule that makes spam-sending cause you to lose IQ points?

[cellio]

Is there some rule that makes spam-sending cause you to lose IQ points?

I've been assuming, without investigation, that a fair bit of this junk originates in places where English isn't the dominant language.

[psu-jedi.livejournal.com]

It's real enough, and my IT support at my employer has been sending out messages this morning warning us not to open any zip file that contains a password. As mentioned, it's to get around the auto virus detect. I haven't gotten any yet, but I'm assuming a bunch of people have, else they wouldn't have sent the warning.

[cellio]

I just got the "c'mon; we're not that lame and it didn't really come from us" message from my provider, too.

[rectangularcat]

I got that one this morning as well. Wonder if they hacked into LJ?

[cellio]

I have gotten spam to my LJ address, but this particular one went to pobox.